FBI Warns of Malware Threat Through Hotel Internet Services

By CIOinsight |
Posted 05-11-2012

The FBI issued an advisory this week alerting international travelers about attempts to infect their computers with malware when they log on to hotel networks.

In an intelligence note from the FBI's Internet Crime Complaint Center (IC3), the agency warned that attackers have been targeting travelers abroad when they use the Internet connection in their hotel rooms. According to the FBI, when the victims attempted to set up the hotel room Internet connection, they were presented with a pop-up window notifying them to update a "widely-used software product."

"If the user clicked to accept and install the update, malicious software was installed on the laptop," according to IC3. "The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available."

The FBI recommends checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor, and advises travelers to update the software on their laptops immediately before traveling.

The warning follows a December report from Bloomberg that cited unnamed sources alleging that iBAHN, one of the largest providers of hotel Internet service in the world, had been compromised. The company has denied the accusation. The FBI warning does not include any information about specific hotel chains or service providers.

The scant details offered in the intelligence note, however, make it difficult to know exactly what travelers should do beyond the basics, argued Graham Cluley, senior technology consultant at Sophos.

"What's fascinating about the advisory is what it doesn't say," he blogged. "And without more information it's hard to know how computer users are supposed to take meaningful action to protect themselves other than follow the normal advice of running security software, being careful what you install, running a VPN to hide your browsing from snoopers, etc.

"It's certainly very peculiar that the FBI didn't share more information in its warning, or mention where in the world it believes it has seen these attacks taking place," he added. "By coincidence, earlier this week, for the first time in almost ten years, a Chinese defense minister visited the United States. The day before the FBI's warning was issued, US Defense Secretary Leon Panetta met his Chinese counterpart Liang Guanglie in Washington DC, and told the world's press that the two countries must work together to avoid cyber war, and emphasized the importance of the relationship between China and the USA."